Cisco Backdoor Account & Other Critical Vulnerabilities


Very recently, Cisco announced 3 "critical risk" and numerous other "high risk" vulnerabilities. One of those vulnerabilities affects IOS XE devices, which come with a default, pre-configured privileged account; an attacker who knows of this account could easily gain access to the device. Some sources say that the account made its way in by mistake from a testing environment and wasn't removed by the developers before the IOS XE image was published.
Below is a comprehensive table listing the vulnerabilities alongside their risk level and CVE reference. The affected platforms include ISR4000, ASR900, ASR1000, Catalyst 3650/3850, Routers 2900, etc.

| Vulnerability | Risk level | CVE reference |
|---|---|---|
| Cisco IOS XE Software Static Credential Vulnerability | Critical | CVE-2018-0150 |
| Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability | Critical | CVE-2018-0151 |
| Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability | Critical | CVE-2018-0171 |
| Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability | High | CVE-2018-0174 |
| Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability | High | CVE-2018-0173 |
| Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability | High | CVE-2018-0172 |
| Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability | High | CVE-2018-0154 |
| Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability | High | CVE-2018-0160 |
| Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability | High | CVE-2018-0159 |
| Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability | High | CVE-2018-0170 |
| Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities | High | CVE-2018-0167 |
| Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities | High | CVE-2018-0169 |
| Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability | High | CVE-2018-0165 |
| Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability | High | CVE-2018-0155 |
| Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability | High | CVE-2018-0156 |
| Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability | High | CVE-2018-0177 |
| Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability | High | CVE-2018-0158 |
| Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability | High | CVE-2018-0157 |
| Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability | High | CVE-2018-0152 |
| Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability | High | CVE-2018-0161 |
